Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Controlling the use of the RACDCERT command z/OS Security Server RACF Security Administrator's Guide SA23-2289-00 |
|
Authority to the IRR.DIGTCERT.function resource
in the FACILITY
class allows a user to issue the RACDCERT command. To issue the RACDCERT
command, users must have one of the following authorities:
For detailed information about the RACDCERT command and the authority required to execute each command, see z/OS Security Server RACF Command Language Reference. Note that users who have insufficient authority to the IRR.DIGTCERT.LIST resource can use the RACDCERT CHECKCERT command to display some digital certificate information if they have READ authority to the data set containing the certificate. The output they receive reflects only the certificate information contained in the data set. Because they lack sufficient authority to the IRR.DIGTCERT.LIST resource, they will not receive certificate information contained in the RACF® database, such as the TRUST status, the LABEL, or the RACF user ID associated with the certificate. For an example of this output, see Examples of checking digital certificate information. Unlike the other RACDCERT functions, there is only one access level for LISTCHAIN, which is CONTROL. Only users who have CONTROL authority to the IRR.DIGTCERT.LIST resource can use the RACDCERT LISTCHAIN command to display information about the certificates in the chain. |
Copyright IBM Corporation 1990, 2014
|